#correctness
Rulesets (18)
r2cA collection of opinionated rules for best practices in popular languages. Recommended for users who want really strict coding standards.
r2cFind common bugs, errors, and logic issues in popular languages.
Yoann PadioleauDefault ruleset for OCaml, by r2c
Grayson HardawayRuleset accompanying r2c OWASP presentation.
r2cScan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.
r2cUse recommended rulesets specific to your project. Auto config is not a ruleset but a mode that scans for languages and frameworks and then uses the Semgrep Registry to select recommended rules. Semgrep will send a list of languages, frameworks, and your project URL to the Registry when using auto mode (but code is never uploaded).
r2cSecurity checks for docker-compose configuration files.
r2cSecurity checks for kubernetes configuration files.
r2cRules for linting Semgrep rule YAML files for errors or performance problems
Written by the Trail of Bits security experts. See https://github.com/trailofbits/semgrep-rules for more.
Use Semgrep as a universal linter to identify vulnerabilities and code smells in your code base with the eslint rule pack.
Use Semgrep as a universal linter to identify vulnerabilities and code smells in your code base with the eslint rule pack.
r2cScan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production. Supports Python, Java, JavaScript, and Go.
r2cScan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.
r2cScan for runtime errors, logic bus, and high-confidence security vulnerabilities. Recommended for use in CI to block serious issues from reaching production.
Mobile Security FrameworkWritten by the MobSF team. See https://github.com/MobSF/mobsfscan for more.
Grayson HardawayRuleset for OWASP SF
Rules for finding odd Go code. See github.com/dgryski/semgrep-go to contribute.